[K12OSN] OT: Google Apps

"Terrell Prudé Jr." microman at cmosnetworks.com
Sat Dec 6 06:28:33 UTC 2008 

Nils Breunese wrote:
> David Hopkins wrote:
>
>> On Fri, Dec 5, 2008 at 11:54 AM, Dan Young <dyoung at mesd.k12.or.us> 
>> wrote:
>>> On Fri, Dec 5, 2008 at 8:35 AM, Will Hatch <whatch at anwsu.org> wrote:
>>>> Since google docs is not encrypted, isn't if a violation of FERPA?  
>>>> I'd like to use it, but our tech director tells me that it is not 
>>>> secure, and since student names/information could be part of the 
>>>> documents, that it can't be used.  I would like to hear Google's 
>>>> feelings on this, since they seem to be interested in education.
>>>
>>> It is encrypted automatically for all users when the Google Apps
>>> administrator ticks a box forcing SSL on:
>>> http://www.google.com/support/a/bin/answer.py?hl=en&answer=100181
>>
>> A quick google leads to
>> http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762
>> where one answer says that any administrator (implied Google
>> administrator?) can access any account per their terms of service.
>> Encryption or not, this could be an issue (especially if foreign
>> nationals have access to US citizens/students data and vice-versa?)
>>
>> It is convenient, and useful but it is not what I would call secure
>> given the terms of service that google requires you to agree to.
>>
>> Just my (uninformed) two cents.
>
> I believe they are referring to the administrators for the Google Apps 
> account for your domain. And that's no different from having root 
> access to your own servers.
>
> From that same FAQ: 
> http://www.google.com/support/a/bin/answer.py?answer=106887
>
> ----
> Are Google employees reading my emails and looking at my documents?
>
> Absolutely not. Google employees are not reading your email or other 
> content.
> ----

Yeah...that's what Skype, Yahoo, and MSN said, too, until the Chinese 
Government came a-callin'.  And remember that the telecoms got caught 
letting the NSA wiretap us, in utter violation of the USA FISA laws.

The old UNIX sysadmin's advice of "son, if you ain't got physical 
security, you ain't got nothin'!" rings like a clarion call here.  The 
modern version:  "If you ain't got at least an NDA, then you ain't got 
no recourse."

There's no way in HELL I'd put anything even remotely sensitive up there.

Why is it so "evil" now to just run OpenOffice.org and save documents to 
a central, local file server?

--TP

More information about the K12OSN mailing list